Access SCIM API - Keyrock Fiware

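I am using the fiware-idm image in a docker container (https://hub.docker.com/r/fiware/idm/), and I am trying to access the SCIM API. There is a user "idm" (the default user), who is a provider and has all permissions. But when I try to get all users: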

private String getAccessToken() {
    HttpServletRequest httpServletRequest = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
    HttpSession session = httpServletRequest.getSession();
    String accessToken = (String) session.getAttribute("access_token");
    return accessToken;
}

public void getUsers() throws IOException {
    String accessToken = getAccessToken(); 

    Client client = ClientBuilder.newClient();
    Response response = client.target("http://192.168.99.100:5000/v3/projects")
      .request(MediaType.TEXT_PLAIN_TYPE)
      .header("X-Auth-token", accessToken)
      .get();

    setResultUsersList("-- status: " + response.getStatus() + " <br>" 
            + "-- headers: " + response.getHeaders() + " <br>"
            + "-- body: " + response.readEntity(String.class) + " <br>"
            + "-- token: " + accessToken);
}

I get an error message: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

But authentication works, and the user information is retrieved as well:

public void authenticateUser() throws OAuthSystemException, IOException {
    HttpServletResponse httpServletResponse = (HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse();

    OAuthClientRequest codeRequest = OAuthClientRequest
            .authorizationLocation("http://192.168.99.100:8000/oauth2/authorize")
            .setParameter("response_type", "code")
            .setClientId(CLIENT_ID)
            .setRedirectURI("http://localhost:8080/Example-Application-Security-UI/auth")
            .buildQueryMessage();

    httpServletResponse.sendRedirect(codeRequest.getLocationUri());
}

public void requestUserInfo() {
    HttpServletRequest httpServletRequest = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
    HttpSession session = httpServletRequest.getSession();
    accessToken = (String) session.getAttribute("access_token");

    String strJson = callWebservice("http://192.168.99.100:8000/user?access_token=" + accessToken);
    JSONObject jsonObject = new JSONObject(strJson);
    resultUserInfo = jsonObject.toString();
}

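The X-Auth-Token header required when making requests to Keystone needs a Keystone token as its value, not the OAuth2 access token you are currently providing.

You can obtain a Keystone token by making a POST request to the authentication endpoint. Since OAuth2 is one of the authentication methods supported in Keystone, you can even use the access token obtained from the OAuth2 authentication to get the Keystone token: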

POST /v3/auth/tokens
body:

{
    "auth": {
        "identity": {
            "methods": [
                "oauth2"
            ],
            "oauth2": {
                "access_token_id": "<OAuth2 access token>"
            }
        }
    }
}

You can now use the Keystone token to perform requests against the SCIM API (or any API endpoint the authenticated user is permitted to access).

Hope this helps!

Please note that the request to obtain the user information works since it is being performed to an endpoint in Horizon, rather than to a Keystone endpoint.
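
The exchange described in the answer, as an added example (not code from the original posts): it posts the OAuth2 access token to /v3/auth/tokens, reads the Keystone token from the X-Subject-Token response header, and sends it as X-Auth-Token. The class and method names are hypothetical, the base URL is taken from the question, and the use of JSON-P (javax.json) alongside the JAX-RS client is an assumption; callers pass in a Client such as the one from ClientBuilder.newClient().

```java
import javax.json.Json;
import javax.json.JsonObject;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

public class KeystoneTokenExchange {  // hypothetical class name
    // Assumption: Keystone base URL as used in the question's docker setup.
    private static final String KEYSTONE = "http://192.168.99.100:5000";

    /** Builds the /v3/auth/tokens request body shown in the answer. */
    static JsonObject authBody(String oauth2AccessToken) {
        return Json.createObjectBuilder()
            .add("auth", Json.createObjectBuilder()
                .add("identity", Json.createObjectBuilder()
                    .add("methods", Json.createArrayBuilder().add("oauth2"))
                    .add("oauth2", Json.createObjectBuilder()
                        .add("access_token_id", oauth2AccessToken))))
            .build();
    }

    /** Exchanges the OAuth2 access token for a Keystone token. */
    static String keystoneToken(Client client, String oauth2AccessToken) {
        Response r = client.target(KEYSTONE).path("/v3/auth/tokens")
            .request(MediaType.APPLICATION_JSON)
            .post(Entity.entity(authBody(oauth2AccessToken).toString(), MediaType.APPLICATION_JSON));
        try {
            if (r.getStatus() != 201) {  // Keystone answers 201 Created on success
                throw new IllegalStateException("Keystone auth failed: HTTP " + r.getStatus());
            }
            // Keystone v3 returns the issued token in this response header, not in the body.
            return r.getHeaderString("X-Subject-Token");
        } finally {
            r.close();
        }
    }

    /** Repeats the question's request with the Keystone token in X-Auth-Token. */
    static Response listProjects(Client client, String keystoneToken) {
        return client.target(KEYSTONE).path("/v3/projects")
            .request(MediaType.APPLICATION_JSON)
            .header("X-Auth-Token", keystoneToken)
            .get();
    }
}
```

Both tokens are bearer credentials, so keep them out of rendered pages and logs when displaying the response status or body.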